This Wiki page is edited by participants of the WCAG Working Group. It does not necessarily represent consensus and it may have incorrect information or information that is not supported by other Working Group participants, WAI, or W3C. It may also have some very useful information.

Authentication process can rely on the user or user-agent entering personal identification information for name, username, password, identification number, and email address if the web content does not block automatic entry.

There are governing statutory requirements that require the use of memorisation, calculations, gestures or transcription in authentication processes.

Version after 11/27 call for Accessible Authentication (A)

Required steps of a re-authentication process which rely upon recalling or transcribing information have one of the following:

alternative required steps, that do not rely upon recalling or transcribing information

an authentication-credentials reset process, which does not rely upon recalling or transcribing information

Except for when any of the following are true:

Re-authentication process only relies on basic personal identification information to which the user has easy access, such as name, address, email address and national identification number.

441

Proposed response (by AWK):
The exception related to existing legal requirements has been changed, but as your point is more related to the applicability of such an exception outside of legal requirements it may be more relevant that the SC has been moved to AAA.

473

Proposed response (by AWK):
The WG recognizes the challenges presented by this SC, but also believes that new developments such as using the Web Authentication API when it is available will make support for this SC easier. The WG has moved this SC to AAA.

564

Proposed response (by AWK):
The WG has changed this to be at level AAA, and changed the legal exception to read: There are governing statutory requirements that require the use of memorisation, calculations, gestures or transcription in authentication processes.